Privacy Policy

Last updated: March 11, 2026

1. What We Collect

TrezzerChest collects the minimum data necessary to provide an allowance management experience for families.

Parent Accounts

  • Email address (via Google sign-in or email/password registration)
  • Authentication identifiers (Firebase UID)
  • Login history (email and timestamp of each login)

Child Profiles

Parents create and manage child profiles. We store:

  • Child's first name and date of birth
  • A username and password (password is stored as a secure bcrypt hash, never in plain text)
  • Timezone setting
  • Financial settings (allowance amount, recurrence, interest rate, donation multiplier)

Financial Activity

  • Transaction records including deposits, withdrawals, and donations
  • Automatically generated transactions (allowance payments and compound interest) based on your configured settings
  • Transaction dates, amounts, and optional comments
  • Child withdrawal requests and their approval status

2. How We Use Your Data

Your data is used solely to provide the TrezzerChest service:

  • Authenticating parent and child logins
  • Automatically generating allowance and interest transactions on your configured schedule
  • Calculating balances and financial summaries
  • Displaying transaction history
  • Processing withdrawal requests between children and parents

We do not sell, rent, or share your personal data with third parties for marketing purposes. Children's data is never used for advertising or profiling.

3. Third-Party Services

TrezzerChest uses the following third-party services:

  • Firebase Authentication (Google) — handles parent login securely. Firebase may store authentication state in your browser's local storage. Google's privacy policy applies to authentication data they process.
  • Google Analytics — collects anonymous usage statistics (pages visited, session duration). No personal financial data is sent to Google Analytics.
  • Google Fonts — serves the Inter typeface used throughout the app. Google may log font requests (IP address, user agent).
  • Ko-fi — optional donation widget on the landing page. Ko-fi's own privacy policy applies if you choose to interact with it.

4. Data Storage and Security

  • Financial data is stored in a server-side database. It is never exposed to other users.
  • Child passwords are hashed using industry-standard bcrypt before storage.
  • Parent authentication uses Firebase ID tokens verified server-side with RSA signature validation.
  • All API requests require authentication. Parents can only access their own children's data.
  • CSRF protection is in place on all forms.

In the unlikely event of a data breach, we will notify affected users as promptly as possible and take immediate steps to mitigate any harm.

5. Children's Privacy (COPPA)

TrezzerChest is designed for families and takes children's privacy seriously. We comply with the Children's Online Privacy Protection Act (COPPA) in the following ways:

  • Child accounts can only be created by a parent or legal guardian. Children cannot register themselves.
  • We collect children's first names and dates of birth only as provided by their parent, solely for the purpose of calculating allowance schedules and age-based increases.
  • We do not collect children's email addresses, phone numbers, physical addresses, or location data.
  • Children's data is never used for advertising, profiling, or shared with third parties.
  • Parents can review, edit, or permanently delete all of their child's data at any time.

By creating a child profile, the parent or guardian consents to the collection and use of that child's data as described in this policy. If you believe a child's data has been collected without proper parental consent, please contact us immediately.

6. Your Rights

As a parent using TrezzerChest, you can:

  • Access all data associated with your account and your children's profiles at any time through the dashboard.
  • Edit your children's profiles and financial settings.
  • Delete a child's profile and all associated transaction history permanently through the edit page. This action is irreversible.

To request deletion of your parent account and all associated data, please contact us using the information below.

7. Cookies and Browser Storage

TrezzerChest uses session cookies to maintain your login state. These are essential for the app to function and expire when you close your browser or log out.

Firebase Authentication may also store authentication tokens in your browser's local storage to keep you signed in between visits. You can clear this data by logging out or clearing your browser storage.

We do not use advertising or tracking cookies. Google Analytics uses its own cookies as described in Google's privacy policy.

8. Data Retention

Your data is retained for as long as your account is active. Specifically:

  • Child profiles and transaction history are kept until you delete them.
  • Parent login history is retained for administrative and security purposes.
  • When you delete a child's profile, all associated transactions and pending withdrawals are permanently and immediately removed.

9. Eligibility

You must be at least 18 years old to create a parent account on TrezzerChest. Child accounts are intended for use by minors under the supervision of their parent or guardian.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date. Continued use of TrezzerChest after changes constitutes acceptance of the revised policy.

11. Governing Law

This privacy policy is governed by the laws of the United States. If you are accessing TrezzerChest from outside the United States, please be aware that your data may be transferred to and processed in the United States.

12. Contact

If you have questions about this privacy policy, want to request data deletion, or need to report a concern about children's privacy, please reach out through loreteller.com.